MDL-58220 oauth2: Sanity check user pictures

This commit is contained in:
Damyon Wiese
2017-03-31 10:48:15 +08:00
parent 7b9f5b9986
commit 14cfd280d3

View File

@ -282,6 +282,18 @@ class client extends \oauth2_client {
} }
} }
if (!empty($user->picture)) {
// If it doesn't look like a picture lets unset it.
if (function_exists('imagecreatefromstring')) {
$img = @imagecreatefromstring($user->picture);
if (empty($img)) {
unset($user->picture);
} else {
imagedestroy($img);
}
}
}
return (array)$user; return (array)$user;
} }
} }